<?php 
#setcookie('hello', 'world', time()+6400);
define("SYSTEMPEPPER", "");

/**
 *  
 */

class Login
{
    private $_output;
    private $_db;
    
    /**
     * @access public
     */
    public function __construct($link)
    {
        if($link instanceof PDO) $this->_db = $link;
        if($_GET['logout']) session_destroy();
        if(!$_SESSION['active'])
        {
            $this->_output = $this->getForm();
        }
        else 
        {
            $this->_output = $this->check();
            echo '<a href="'.HREF.'?logout">Logout</a>';
        }
    }
    
    public function getForm()
    {
        $html = sprintf('
<form name="loginForm" method="post" action="%s">
<table border="1">
    <input type="hidden" name="action" value="login" />
    <tr>
        <td>Username</td><td><input type="text" name="username" id="username" /></td>
    </tr>
    <tr>
        <td>Password</td><td><input type="password" name="password" id="password" /></td>
    </tr>
    <tr>
        <td colspan="2" align="right"><input type="submit" value="Login" /></td>
    </tr>
</table>
</form>
        ', HREF);
        //var_dump($_SERVER['PHP_SELF']);
        return $html;
    }
    
    public function check() 
    {
        $_POST['password'] = md5($_POST['password']);
        $data = $this->getUserData($_POST['username']);
        if($data['user_password'] === md5($data['user_salt'].$_POST['password'].SYSTEMPEPPER))
        {
            $_SESSION['active'] = true;
            $_SESSION['username'] = $_POST['username'];
            echo '$_SESSION: ';var_dump($_SESSION);
        }
        else 
        {
            if(!isset($_SESSION['failure']))
            {
                $_SESSION['failure'] = 1;
            }
            else 
            {
                $_SESSION['failure']++;
            }
            return "Wrong username or password!";
        }
        if($_POST['action'] == 'logout') session_destroy();
    }
    
    private function genAct($length = 8)
    {
        $password = "";
        $possible = "0123456789bcdfghjkmnpqrstvwxyz";
        $i = 0;
        
        // Fill $password till $length is reached
        while ($i < $length)
        {
            // Pick a random character to fill it
            $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
        
            // We want each charactar apear in the string just once
            if (!strstr($password, $char))
            {
                $password .= $char;
                $i++;
            }
        }
        return $password;
    }
    
    private function getUserData($username)
    {
        try 
        {
	        $sql = '
    	        SELECT user_salt, user_password
                FROM sys_users
                WHERE user_username = ?
                   ';
	    	$sql = $this->_db->prepare($sql);
	    	$sql->bindParam(1, $username);
	    	$sql->execute();
	    	$result = $sql->fetch(PDO::FETCH_ASSOC);
	    	if(empty($result))
	    	{
	    		/*$this->_log->record*/var_dump('there are no results from this query', 'db_error');
	    	}
	    	else
	    	{
	    		return $result;
	    	}
	    	
	    	
    	}
    	catch (PDOExeption $exeption)
    	{
    		die($exeption->getMessage());
    	}
        var_dump($sql);
    }
    
    
    
    public function __toString()
    {
        return $this->_output;
    }
    
    /**
     * @access public
     */
    public function __destruct()
    {
    
    }
}